Last updated: 6th February 2024
Underfloor Heating Merchants Ltd ("Underfloor Heating Merchants") values your privacy and is committed to protecting it. This Privacy Notice explains how we collect, use, share, and store personal information about you. It also outlines your rights regarding your personal data and how to exercise them.
This Privacy Notice applies to personal data we collect through www.thermalfloor-quoting-tool.com or other websites that Underfloor Heating Merchants operates that link to this policy ("collectively Websites”), as well as through our products and related service offerings. If you have any questions or concerns about how we handle your personal data, please contact us using the contact information provided at the end of this document.
The personal information we may collect falls into the following categories:
Information You Provide Voluntarily: Certain areas of our websites may require you to provide personal information willingly, such as when you register for an account, request technical support, subscribe to marketing communications, sign up for events, access content, or submit inquiries. We will clearly inform you of the data we collect and the reasons for collecting it at the point of collection.
Information Collected Automatically: When you visit our websites, we may automatically collect certain information from your device. In some jurisdictions, including those in the European Economic Area, this information may be considered personal data under applicable data protection laws. This information may include your IP address, device type, unique device identifiers, browser type, broad geographic location (country or city level), and other technical data. We may also collect information about how your device interacts with our websites, such as the pages you access and links you click.
Collecting this information allows us to better understand who visits our websites, where they come from, and which content they find most relevant. We use this information for internal analytics and to improve the quality and relevance of our websites for our visitors. Some of this information may be collected using cookies and similar tracking technologies.
Information Obtained from Third Parties: Occasionally, we may receive personal information about you from third-party sources, such as lead generation providers, partners, content syndication providers, third-party enrichment tools, or meeting maker vendors. We only collect information from third parties that have your consent or are otherwise legally permitted to share it with us. The types of information we collect from third parties include name, contact information, job title, company data, and internet activity. We use this information to market our services to you.
Sensitive Personal Data: We may collect sensitive personal data, or special category personal data, from our customers in the course of providing our services. We do not use sensitive personal data for any other commercial purpose, we do not sell sensitive personal data, and we do not share sensitive personal data for online advertising.
We are committed to protecting your personal data. We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, use, disclosure, alteration, destruction, or accidental loss.
We may share your personal data with the following categories of recipients:
Broad Categories Collected
Types of third parties we share with
Identifiers
Group companies, service providers, and partners
Select Information in Customer Records
Group companies, service providers, and partners
Commercial Purchasing Information
Group companies, service providers, and partners
Internet or Network Activity
Group companies, service providers, and partners
Underfloor Heating Merchants has no actual knowledge that it sells or shares the personal information of individuals under 16 years of age.
The foundation upon which we collect and utilise the personal information described above is contingent on the specific data type and the context in which it is obtained. Typically, we will gather your personal information only if:
In certain situations, we may also be legally obligated to collect your personal information or require it to safeguard your or someone else's vital interests. If we request your personal information to comply with a legal obligation or fulfil a contract, we will clearly inform you at the appropriate time and advise you whether providing your personal information is necessary or not (along with the possible consequences of not providing such data).
If we collect and utilise your personal information based on our legitimate interests (or those of any third party), it will typically be to operate our platform and communicate with you as required. For example, responding to your inquiries, analysing platform usage and improving our services, undertaking marketing activities for existing customers within legal limits, and detecting or preventing illegal activities. We may have other legitimate interests, and we will inform you at the relevant time what those interests are. We rely on these legal bases to process data for the following purposes: to assist in providing services (e.g., customer support and usage data) and to market our services to you within legal limits.
If you have any questions or require further information regarding the legal basis upon which we collect and utilise your personal information, please contact us using the contact information provided under the "How to contact us" heading at the bottom of this notice.
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Website owners can utilise cookies for various purposes, including enabling their websites to operate effectively, providing personalised content and advertising, and generating website analytics.
Our website utilises first-party and third-party cookies for various purposes. Essential cookies are crucial for operating our site, while additional cookies enhance user experience by providing personalised content and advertising.
First-party cookies gather standard information like browser type, language, access times, and the previous website visited. They also collect IP address, clickstream behaviour, and product information.
Third-party advertising networks, contracted by Underfloor Heating Merchants, collect non-personal and personal data through our website, emails, and third-party websites. These networks track online activities to deliver tailored ads about products and services across the web. This process also aids in monitoring marketing effectiveness.
The website may incorporate third-party social media features and widgets. These components may collect IP address, visited page, and set cookies for proper functioning. Interaction with these elements is governed by the respective provider's privacy policy.
If you want to learn more about cookies, or how to control, disable, or delete them, please visit http://www.allaboutcookies.org for detailed guidance.
Detailed information about first- and third-party cookies served and their purposes may be found on our cookie settings page.
Users have the choice to accept or reject cookies. Cookie preferences can be managed in the cookie settings page. Our cookie consent tool automatically honours Google Consent.
Web browser controls can be configured to accept or reject cookies. While rejecting cookies may restrict site functionality, it's still possible to access the website. Refer to browser help menus for specific instructions. Targeted advertising opt-out options are available through most advertising networks. Visit http://www.aboutads.info/choices/, http://www.youronlinechoices.com, or http://www.youronlinechoices.eu
Underfloor Heating Merchants employs appropriate technical and organisational measures to safeguard personal data collected and processed. These measures aim to provide a security level commensurate with the risk associated with handling personal data.
Underfloor Heating Merchants resides on leading cloud service providers (linked on our security page) utilising industry-standard security protocols to protect personal data. Personal data is stored on private servers within a secure security group. End-user to server connections are encrypted using SSL, and server software is updated regularly with the latest security patches.
Your personal data may be transferred to, and processed in, countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. However, we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Notice.
Underfloor Heating Merchants is committed to safeguarding the privacy of personal data transferred from the European Union, United Kingdom, and Switzerland. To ensure compliance with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF"), Underfloor Heating Merchants has certified that our data processors are compliant with the DPF. These DPA agreements may be referenced here -
Underfloor Heating Merchants - INSERT ANY OTHER DPA LINKS HERE
Underfloor Heating Merchants is accountable for the personal data it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, even if it is subsequently transferred to a third party. This means that Underfloor Heating Merchants remains responsible and liable if these third-party agents process the personal data in a manner inconsistent with the principles of the DPFs, unless Underfloor Heating Merchants can demonstrate that it is not at fault for the resulting harm.
We retain your personal data as long as we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with legal requirements). When we no longer have a legitimate business need to process your personal data, we will either delete or anonymize it, or if this is not possible, securely store it and isolate it from any further processing.
You have the following data protection rights:
You can exercise these rights by contacting us using the contact details provided under the "How to contact us" heading at the bottom of this notice.
We do not use or disclose your sensitive personal data, except for the purposes of providing services to our customers.
We will not discriminate against you for exercising your data protection rights.
You can authorise another person to make a data privacy request on your behalf. To do this, you will need to provide us with a written authorization that includes the specific data protection request you want the authorised agent to make.
You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.
If you are not satisfied with our response to your data privacy request, you have the right to appeal our decision. To do this, please contact us using the contact details provided under the "How to contact us" heading at the bottom of this notice. If you are not satisfied with the result of the appeal, you have the right to contact your respective attorney general depending on where you reside.
We verify data protection requests to ensure that they are legitimate and to prevent unauthorised access to your personal data. Our verification process is based on matching personal data provided by the requestor with personal data that we have on file with the requestor. The personal data points matched vary based on what Underfloor Heating Merchants has on the requestor, but Underfloor Heating Merchants uses multiple personal data points for verification. During the verification process, Underfloor Heating Merchants aims to avoid collecting additional personal data from the requestor that has not been previously collected by Underfloor Heating Merchants.
We may update this Privacy Notice from time to time in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
If you have any questions or concerns about our use of your personal data, please contact us at chrisfeltonuhm@gmail.com (we operate online), or at the following address:
Ruthvenfield Grove, Inveralmond Industrial Estate, Perth PH1 3FN
1.1 "controller", "processor", "data subject", "personal data" and "processing" (and "process") will have the meanings given in EU/UK Data Protection Law;
1.2 "Applicable Data Protection Law" means all worldwide data protection and privacy laws and regulations applicable to the Personal Data in question, including, where applicable, EU/UK Data Protection Law, US Data Protection Law, Serbian Data Protection Law, Canadian Data Protection Law, and the Swiss DPA;
1.3 “Breach” means an accidental or unlawful destruction, loss, alteration, or unauthorised disclosure or access that is in violation of Underfloor Heating Merchants’s security obligations under this Agreement by Underfloor Heating Merchants or its agents of which Underfloor Heating Merchants becomes aware. Breach will not include an unsuccessful Breach, which is one that results in no unauthorised access to Personal Data or to any Underfloor Heating Merchants equipment or facilities storing the Personal Data, and could include (without limitation) pings and other broadcast attacks of firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorised access to traffic data that does not result in access beyond headers) or similar incidents;
1.4 "Canadian Data Protection Law" means: (i) the Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5; (ii) applicable provincial law; (iii) any and all applicable data protection laws made under, pursuant to or that apply in conjunction with any of (i) or (ii); in each case as may be amended or superseded from time to time;
1.5 “Data Privacy Framework” means the EU-US Data Privacy Framework, the UK extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework self-certification program operated by the US Department of Commerce;
1.6 “Data Privacy Principles” means the Data Privacy Framework principles (as supplemented by the Supplemental Principles);
1.7 "EU/UK Data Protection Law" means: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (the "EU GDPR"); (ii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 (the "UK GDPR"); (iii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii) or (iii); in each case as may be amended or superseded from time to time;
1.8 "US Data Protection Law '' means: (i) the California Consumer Privacy Act of 2018, including as amended by the California Privacy Rights Act of 2020, codified at Cal. Civ. Code §1798.100 et seq., upon the CPRA’s enforcement date of July 1, 2023 (together with its implementing regulations) (“CPRA”); (ii) the Virginia Consumer Data Protection Act; (iii) the Colorado Privacy Act; (iv) the Connecticut Personal Data Privacy and Online Monitoring Act; (v) the Utah Consumer Privacy Act; (vi) the Iowa Consumer Data Protection Act; (vii) the Indiana Consumer Data Protection Act; (viii) the Tennessee Information Protection Act; (ix) the Montana Consumer Data Privacy Act; (x) the Texas Data Privacy and Security Act; (xi) the Oregon Consumer Privacy Act; (xii) the Delaware Personal Data Privacy Act; and (xiii) any and all applicable comprehensive state data protection laws and regulations that are or are not yet in effect as of the Effective Date; in each case as may be amended or superseded from time to time;
1.9 "Serbian Data Protection Law" means: Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti; Official Gazette of the Republic of Serbia, no 87/2018). In the case of a transfer of Personal Data to a Non-Adequate Country, by entering into this DPA, the Customer is entering into the Serbian Standard Contractual Clauses (“Serbian SCCs”) as adopted by the "Serbian Commissioner for Information of Public Importance and Personal Data Protection", to provide an adequate level of protection. References to the Standard Contractual Clauses in this DPA will include the Serbian SCCs.
1.10 “Supplemental Principles” will have the meaning given in the Data Privacy Framework;
1.11 "Standard Contractual Clauses" means: (i) where the EU GDPR or Swiss DPA applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council ("EU SCCs"); and (ii) where the UK GDPR applies, standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR ("UK SCCs"); and (iii) where Serbian Data Protection Law applies, the Serbian SCCs; and
1.12 "Swiss DPA" means the revised Swiss Federal Act on Data Protection enacted on September 25, 2020, and effective on September 1, 2023, as may be amended or superseded from time to time.